[libvirt] [PATCH v2] build: fix build with libselinux 2.3

Jim Fehlig jfehlig at suse.com
Wed May 28 17:29:33 UTC 2014


Cédric Bosdonnat wrote:
> Several function signatures changed in libselinux 2.3, now taking
> a 'const char *' instead of 'security_context_t'.  The latter is
> defined in selinux/selinux.h as
>
>   typedef char *security_context_t;
> ---
>  m4/virt-selinux.m4            | 18 ++++++++++++++++++
>  tests/securityselinuxhelper.c | 16 ++++++++++++++++
>  2 files changed, 34 insertions(+)
>
> diff --git a/m4/virt-selinux.m4 b/m4/virt-selinux.m4
> index 003c2a8..c299793 100644
> --- a/m4/virt-selinux.m4
> +++ b/m4/virt-selinux.m4
> @@ -28,6 +28,24 @@ AC_DEFUN([LIBVIRT_CHECK_SELINUX],[
>      [with_selinux_mount=check])
>  
>    if test "$with_selinux" = "yes"; then
> +  AC_CACHE_CHECK([for selinux setcon parameter type], [gt_cv_setcon_param],
> +    [AC_COMPILE_IFELSE(
> +      [AC_LANG_PROGRAM(
> +         [[
> +#include <selinux/selinux.h>
> +
> +int setcon(const security_context_t context) {
> +    return 0;
> +}
> +         ]],
> +         [[]])],
> +         [gt_cv_setcon_param='security_context'],
> +         [gt_cv_setcon_param='const char*'])])
> +    if test "$gt_cv_setcon_param" = 'const char*'; then
> +       AC_DEFINE_UNQUOTED([SELINUX_CTX_CHAR_PTR], 1,
> +                          [SELinux uses char * for security context])
> +    fi
> +
>   

As Eric suggested, this is much better than the version check.  But I'll
defer review of this fun code to him :-).

>      AC_MSG_CHECKING([SELinux mount point])
>      if test "$with_selinux_mount" = "check" || test -z "$with_selinux_mount"; then
>        if test -d /sys/fs/selinux ; then
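
Review bot: in the AC_COMPILE_IFELSE call, 'const char*' is the result of any compile failure, not only of a prototype mismatch, so a test program that fails for an unrelated reason still defines SELINUX_CTX_CHAR_PTR. A short comment above AC_CACHE_CHECK stating that the local definition of setcon is meant to conflict with the header when the header takes 'const char *' would record that intent. Smaller points: AC_DEFINE is enough here, since the value 1 needs no shell expansion, and the added lines are indented two spaces while the AC_MSG_CHECKING that follows inside the same if uses four.
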
> diff --git a/tests/securityselinuxhelper.c b/tests/securityselinuxhelper.c
> index dbc4c29..af4fae4 100644
> --- a/tests/securityselinuxhelper.c
> +++ b/tests/securityselinuxhelper.c
> @@ -156,7 +156,11 @@ int getpidcon(pid_t pid, security_context_t *context)
>      return getpidcon_raw(pid, context);
>  }
>  
> +#ifdef SELINUX_CTX_CHAR_PTR
> +int setcon_raw(const char *context)
> +#else
>  int setcon_raw(security_context_t context)
> +#endif
>   

I tried Eric's alternative of defining a VIR_SELINUX_CTX_CONST to either
'' or 'const', but couldn't get that to work.  Deferring to Eric as well...

Nonetheless, this patch works for me and is a good improvement over V1.

Regards,
Jim

>  {
>      if (!is_selinux_enabled()) {
>          errno = EINVAL;
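
Review bot: the two prototypes for setcon_raw differ only in the type of the context parameter, and the same #ifdef/#else/#endif pattern is repeated for three more functions in this file. Selecting the parameter type once near the top of the file, for example with a typedef that is 'const char *' under SELINUX_CTX_CHAR_PTR and security_context_t otherwise, would leave a single prototype per function. A typedef of the whole type avoids the problem that 'const security_context_t' means 'char * const' rather than 'const char *'.
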
> @@ -165,13 +169,21 @@ int setcon_raw(security_context_t context)
>      return setenv("FAKE_SELINUX_CONTEXT", context, 1);
>  }
>  
> +#ifdef SELINUX_CTX_CHAR_PTR
> +int setcon(const char *context)
> +#else
>  int setcon(security_context_t context)
> +#endif
>  {
>      return setcon_raw(context);
>  }
>  
>  
> +#ifdef SELINUX_CTX_CHAR_PTR
> +int setfilecon_raw(const char *path, const char *con)
> +#else
>  int setfilecon_raw(const char *path, security_context_t con)
> +#endif
>  {
>      const char *constr = con;
>      if (STRPREFIX(path, abs_builddir "/securityselinuxlabeldata/nfs/")) {
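
Review bot: the #ifdef blocks added around setcon and setfilecon_raw carry no comment saying which libselinux versions each branch corresponds to. A one-line comment at the conditionals, stating that libselinux 2.3 changed these parameters from security_context_t to 'const char *', would let a later reader know when the #else branches can be dropped.
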
> @@ -182,7 +194,11 @@ int setfilecon_raw(const char *path, security_context_t con)
>                      constr, strlen(constr), 0);
>  }
>  
> +#ifdef SELINUX_CTX_CHAR_PTR
> +int setfilecon(const char *path, const char *con)
> +#else
>  int setfilecon(const char *path, security_context_t con)
> +#endif
>  {
>      return setfilecon_raw(path, con);
>  }
>   
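
Review bot: the prototype chosen for setfilecon depends on SELINUX_CTX_CHAR_PTR, which the configure check derives from the prototype of setcon alone. If setcon is used as a proxy for setcon_raw, setfilecon and setfilecon_raw, say so in the AC_DEFINE description or in a comment here, so the assumption that all four changed together is visible.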



